Compliance

Introduction to SMS and MMS Compliance in New Zealand: Navigating regulations and best practices

SMS marketing remains a powerful tool for businesses in New Zealand, providing a direct way to engage with customers. With open rates close to 98%, SMS offers an unparalleled communication channel. However, it’s essential to adhere to the regulations set out by the Unsolicited Electronic Messages Act 2007 to avoid penalties and maintain customer trust.

This guide presents a clear and concise SMS compliance checklist for New Zealand businesses. It focuses on obtaining consent, clear identification, opt-out mechanisms, and data security, ensuring your SMS campaigns are both effective and legally compliant.

1. Obtaining clear consent in SMS Marketing: The foundation of SMS Compliance

In New Zealand, businesses must obtain clear and verifiable consent from customers before sending them SMS marketing messages. This requirement is crucial to comply with the Unsolicited Electronic Messages Act 2007 and the antispam rules for businesses.

  • Why it matters: Consent isn’t just a legal necessity—it also ensures that your messages are welcomed by recipients, improving engagement and reducing the risk of complaints.

  • How to get it right: At Kudosity, we recommend implementing a double opt-in process to verify consent. This two-step method involves the customer first expressing interest in receiving messages—such as by entering their mobile number on a website form—followed by a confirmation step. In the confirmation step, the customer receives an SMS asking them to reply with “YES” or a similar keyword to confirm their consent. This additional step ensures that the consent is both clear and intentional, protecting your business and enhancing customer trust.

  • Example: A restaurant could invite customers to sign up for SMS updates through an online form. After the customer submits their mobile number, they receive an SMS that says, “Please reply ‘YES’ to confirm you want to receive exclusive offers and updates from [Restaurant Name].” Only after the customer replies “YES” will they be added to the SMS list, ensuring that they have actively and knowingly opted in.

2. Identifying your business clearly in SMS: Build trust with every text message

Every SMS or MMS message must clearly identify your business to ensure transparency and build trust with your customers.

  • Why it matters: Customers are more likely to engage with messages when they know exactly who is contacting them. Clear identification also helps avoid your messages being marked as spam.

  • How to get it right: Always start or end your SMS with your business name.

  • Example: Visit [Your Business Name] this weekend for exclusive offers!

Lease a virtual number with Kudosity: Build brand trust
See Numbers Available

3. Providing simple Opt-Out options: Respect your customers' preferences

New Zealand law mandates that every SMS must include an easy-to-use opt-out option, allowing recipients to stop receiving messages at any time.

  • Why it matters: Providing a direct way to opt out respects customer preferences and helps maintain a positive relationship with your audience.

  • How to get it right: Include instructions like "Text STOP to [number] to unsubscribe" in every SMS. Ensure that opt-out requests are processed immediately.

  • Example: Want to stop receiving our messages? Reply STOP to unsubscribe.

4. Securing customer data in SMS Marketing: Protect your customer’s information and your business

Data privacy is critical in SMS marketing. The Privacy Act 2020 provides the rules in New Zealand for protecting personal information and puts responsibilities on businesses and organisations to ensure personal information, such as phone numbers, is stored and handled securely.

  • Why it matters: Protecting customer data is not only a legal requirement but also a foundation of maintaining customer trust. Data breaches can lead to significant financial and reputational damage.

  • How to get it right: Use encryption for storing and transmitting customer data. Access to this data should be limited to authorised personnel only.

  • Example: Store customer phone numbers in an encrypted database and regularly review your security protocols to protect against breaches.

5. Regular SMS and MMS Compliance Audits: Stay ahead of changes

Regularly auditing your SMS marketing practices helps ensure that you stay compliant with the Unsolicited Electronic Messages Act and can adapt to any changes in the regulatory environment.

  • Why it matters: The digital marketing landscape is dynamic, and regulations may evolve. Regular monitoring helps your business stay compliant and avoid potential fines.

  • How to get it right: Schedule periodic reviews of your consent records, SMS content, and opt-out processes. Adjust your practices as needed to maintain compliance.

Quick SMS Compliance checklist for New Zealand businesses

  1. Obtain Clear Consent:

    Implement and document a double opt-in process.

  2. Identify Your Business in Every Text:
    Clearly state your business name in the message.

  3. Provide an Easy Opt-Out Option:
    Include "Text STOP to [number] to unsubscribe" in all messages.

  4. Secure Customer Data:
    Encrypt data and limit access to authorised personnel.

  5. Conduct Regular Compliance Audits:
    Review and update practices regularly.

Conclusion

Staying compliant with SMS regulations in New Zealand is crucial for legal and ethical reasons. By following this checklist, your business can effectively engage customers while adhering to the Unsolicited Electronic Messages Act 2007. Compliance not only protects your business from legal risks but also helps build long-term customer relationships based on trust and transparency.

We support responsible sending

The Kudosity SMS platform is built to ensure your marketing messages are spam compliant.

Our online platform will auto-add ‘Opt-out reply STOP’ to your messages when you create a campaign. If the sender ID you’re messaging from contains a word (alpha-numeric), Kudosity adds an automatically-generated unique unsubscribe link.

Save more time with automatic management of all opt-out requests. Streamline your next campaign; Kudosity will automatically exclude opt-outs, so you can take that off your manual to-do list.

We are ISO 27001 and SOC 2 | Type I certified. All connections are https:// using TLS versions 1.2 up, ensuring your conversations and data are secure and have 100% Australian data sovereignty; rest assured– when you gather information from your customers and prospects – their data is safe with us. We confirm the safety and whereabouts of your data and simplify data compliance requirements.

Spam regulations are serious. Kudosity makes it easy to send responsibly.